Продукты:
Для дома
Для малого бизнеса
Для среднего бизнеса
Для крупного бизнеса
Уязвимости Угрозы
Главная Уязвимости

Multiple vulnerabilities were found in Microsoft Windows

Kaspersky ID:
KLA90840
Дата обнаружения:
13/01/2026
Обновлено:
14/01/2026

Описание

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, bypass security restrictions, obtain sensitive information, cause denial of service, spoof user interface.

Below is a complete list of vulnerabilities:

  1. An elevation of privilege vulnerability in Windows Virtualization-Based Security (VBS) Enclave can be exploited remotely to gain privileges.
  2. An elevation of privilege vulnerability in Windows Cloud Files Mini Filter Driver can be exploited remotely to gain privileges.
  3. A remote code execution vulnerability in Windows Server Update Service (WSUS) can be exploited remotely to execute arbitrary code.
  4. An elevation of privilege vulnerability in Capability Access Management Service (camsvc) can be exploited remotely to gain privileges.
  5. An elevation of privilege vulnerability in Windows Ancillary Function Driver for WinSock can be exploited remotely to gain privileges.
  6. An information disclosure vulnerability in Remote Procedure Call can be exploited remotely to obtain sensitive information.
  7. An elevation of privilege vulnerability in Windows Management Services can be exploited remotely to gain privileges.
  8. An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely to gain privileges.
  9. An information disclosure vulnerability in Tablet Windows User Interface (TWINUI) Subsystem can be exploited remotely to gain privileges.
  10. A remote code execution vulnerability in Windows Media can be exploited remotely to execute arbitrary code.
  11. An elevation of privilege vulnerability in DirectX Graphics Kernel can be exploited remotely to gain privileges.
  12. An information disclosure vulnerability in Windows Kernel can be exploited remotely to obtain sensitive information.
  13. An information disclosure vulnerability in Windows Client-Side Caching (CSC) Service can be exploited remotely to obtain sensitive information.
  14. An elevation of privilege vulnerability in Windows Clipboard Server can be exploited remotely to gain privileges.
  15. A remote code execution vulnerability in Windows Local Security Authority Subsystem Service (LSASS) can be exploited remotely to execute arbitrary code.
  16. A denial of service vulnerability in Windows SMB Server can be exploited remotely to cause denial of service.
  17. A remote code execution vulnerability in Windows Deployment Services can be exploited remotely to execute arbitrary code.
  18. A spoofing vulnerability in NTLM Hash Disclosure can be exploited remotely to spoof user interface.
  19. An elevation of privilege vulnerability in Windows Motorola Soft Modem Driver can be exploited remotely to gain privileges.
  20. An information disclosure vulnerability in Dynamic Root of Trust for Measurement (DRTM) can be exploited remotely to obtain sensitive information.
  21. An information disclosure vulnerability in Windows Kerberos can be exploited remotely to obtain sensitive information.
  22. An elevation of privilege vulnerability in Windows Error Reporting Service can be exploited remotely to gain privileges.
  23. An elevation of privilege vulnerability in Windows Kerberos can be exploited remotely to gain privileges.
  24. An elevation of privilege vulnerability in MITRE: CVE-2023-31096 Windows Agere Soft Modem Driver can be exploited remotely to gain privileges.
  25. An elevation of privilege vulnerability in Win32k can be exploited remotely to gain privileges.
  26. A tampering vulnerability in Windows Hello can be exploited remotely to spoof user interface.
  27. An information disclosure vulnerability in Capability Access Management Service (camsvc) can be exploited remotely to obtain sensitive information.
  28. An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely to gain privileges.
  29. An information disclosure vulnerability in Windows Virtualization-Based Security (VBS) can be exploited remotely to obtain sensitive information.
  30. A remote code execution vulnerability in Windows NTFS can be exploited remotely to execute arbitrary code.
  31. An information disclosure vulnerability in Windows File Explorer can be exploited remotely to obtain sensitive information.
  32. An elevation of privilege vulnerability in Windows Routing and Remote Access Service (RRAS) can be exploited remotely to gain privileges.
  33. A tampering vulnerability in LDAP can be exploited remotely to spoof user interface.
  34. An elevation of privilege vulnerability in Windows Connected Devices Platform Service can be exploited remotely to gain privileges.
  35. A spoofing vulnerability in Microsoft Windows File Explorer can be exploited remotely to spoof user interface.
  36. A security feature bypass vulnerability in Windows Remote Assistance can be exploited remotely to bypass security restrictions.
  37. An elevation of privilege vulnerability in Windows File Explorer can be exploited remotely to gain privileges.
  38. An elevation of privilege vulnerability in Windows SMB Server can be exploited remotely to gain privileges.
  39. An elevation of privilege vulnerability in Windows Local Session Manager (LSM) can be exploited remotely to gain privileges.
  40. An elevation of privilege vulnerability in Desktop Windows Manager can be exploited remotely to gain privileges.
  41. An elevation of privilege vulnerability in Windows Kernel-Mode Driver can be exploited remotely to gain privileges.
  42. An information disclosure vulnerability in Windows NDIS can be exploited remotely to obtain sensitive information.
  43. An information disclosure vulnerability in TPM Trustlet can be exploited remotely to obtain sensitive information.
  44. An elevation of privilege vulnerability in Microsoft DWM Core Library can be exploited remotely to gain privileges.
  45. An elevation of privilege vulnerability in Windows Telephony Service can be exploited remotely to gain privileges.
  46. An information disclosure vulnerability in Windows Management Services can be exploited remotely to obtain sensitive information.
  47. An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges.
  48. An elevation of privilege vulnerability in Windows WalletService can be exploited remotely to gain privileges.
  49. An information disclosure vulnerability in Windows rndismp6.sys can be exploited remotely to obtain sensitive information.
  50. An information disclosure vulnerability in Desktop Window Manager can be exploited remotely to obtain sensitive information.
  51. An information disclosure vulnerability in Windows Hyper-V can be exploited remotely to obtain sensitive information.
  52. A remote code execution vulnerability in Windows Routing and Remote Access Service (RRAS) can be exploited remotely to execute arbitrary code.
  53. An elevation of privilege vulnerability in Windows Remote Procedure Call Interface Definition Language (IDL) can be exploited remotely to gain privileges.
  54. An elevation of privilege vulnerability in Windows Kernel Memory can be exploited remotely to gain privileges.
  55. An information disclosure vulnerability in Tablet Windows User Interface (TWINUI) Subsystem can be exploited remotely to obtain sensitive information.
  56. A security feature bypass vulnerability in Secure Boot Certificate Expiration can be exploited remotely to bypass security restrictions.
  57. A spoofing vulnerability in Windows can be exploited remotely to spoof user interface.
  58. A denial of service vulnerability in Windows Local Security Authority Subsystem Service (LSASS) can be exploited remotely to cause denial of service.
  59. An elevation of privilege vulnerability in Windows HTTP.sys can be exploited remotely to gain privileges.
  60. An elevation of privilege vulnerability in Host Process for Windows Tasks can be exploited remotely to gain privileges.
  61. An elevation of privilege vulnerability in Windows Win32 Kernel Subsystem can be exploited remotely to gain privileges.

Первичный источник обнаружения

Эксплуатация

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

Список CVE

  • CVE-2023-31096
    critical
  • CVE-2024-55414
    critical
  • CVE-2026-0386
    critical
  • CVE-2026-20804
    critical
  • CVE-2026-20805
    high
  • CVE-2026-20808
    high
  • CVE-2026-20809
    critical
  • CVE-2026-20810
    critical
  • CVE-2026-20811
    critical
  • CVE-2026-20812
    high
  • CVE-2026-20814
    high
  • CVE-2026-20815
    high
  • CVE-2026-20816
    high
  • CVE-2026-20817
    critical
  • CVE-2026-20818
    high
  • CVE-2026-20819
    high
  • CVE-2026-20820
    critical
  • CVE-2026-20821
    high
  • CVE-2026-20822
    critical
  • CVE-2026-20823
    high
  • CVE-2026-20824
    high
  • CVE-2026-20825
    warning
  • CVE-2026-20826
    critical
  • CVE-2026-20827
    high
  • CVE-2026-20828
    warning
  • CVE-2026-20829
    high
  • CVE-2026-20830
    high
  • CVE-2026-20831
    critical
  • CVE-2026-20832
    critical
  • CVE-2026-20833
    high
  • CVE-2026-20834
    warning
  • CVE-2026-20835
    high
  • CVE-2026-20836
    high
  • CVE-2026-20837
    critical
  • CVE-2026-20838
    high
  • CVE-2026-20839
    high
  • CVE-2026-20840
    critical
  • CVE-2026-20842
    high
  • CVE-2026-20843
    critical
  • CVE-2026-20844
    high
  • CVE-2026-20847
    high
  • CVE-2026-20848
    critical
  • CVE-2026-20849
    critical
  • CVE-2026-20851
    high
  • CVE-2026-20852
    critical
  • CVE-2026-20853
    high
  • CVE-2026-20854
    critical
  • CVE-2026-20856
    critical
  • CVE-2026-20857
    critical
  • CVE-2026-20858
    critical
  • CVE-2026-20859
    critical
  • CVE-2026-20860
    critical
  • CVE-2026-20861
    critical
  • CVE-2026-20862
    high
  • CVE-2026-20863
    high
  • CVE-2026-20864
    critical
  • CVE-2026-20865
    critical
  • CVE-2026-20866
    critical
  • CVE-2026-20867
    critical
  • CVE-2026-20868
    critical
  • CVE-2026-20869
    high
  • CVE-2026-20870
    critical
  • CVE-2026-20871
    critical
  • CVE-2026-20872
    high
  • CVE-2026-20873
    critical
  • CVE-2026-20874
    critical
  • CVE-2026-20875
    critical
  • CVE-2026-20876
    high
  • CVE-2026-20877
    critical
  • CVE-2026-20918
    critical
  • CVE-2026-20919
    critical
  • CVE-2026-20920
    critical
  • CVE-2026-20921
    critical
  • CVE-2026-20922
    critical
  • CVE-2026-20923
    critical
  • CVE-2026-20924
    critical
  • CVE-2026-20925
    high
  • CVE-2026-20926
    critical
  • CVE-2026-20927
    high
  • CVE-2026-20929
    critical
  • CVE-2026-20931
    critical
  • CVE-2026-20932
    high
  • CVE-2026-20934
    critical
  • CVE-2026-20935
    high
  • CVE-2026-20936
    warning
  • CVE-2026-20937
    high
  • CVE-2026-20938
    critical
  • CVE-2026-20939
    high
  • CVE-2026-20940
    critical
  • CVE-2026-20941
    critical
  • CVE-2026-20962
    warning
  • CVE-2026-21221
    high
  • CVE-2026-21265
    high

Список KB

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com

Нашли неточность в описании этой уязвимости? Дайте нам знать!
Kaspersky IT Security Calculator:
Оцените ваш профиль кибербезопасности
Узнать больше
Встречай новый Kaspersky!
Каждая минута твоей онлайн-жизни заслуживает топовой защиты.
Узнать больше
Related articles
25 December 2025
Securelist
Ландшафт угроз для систем промышленной автоматизации. Третий квартал 2025 года
23 December 2025
Securelist
Оценка эффективности использования SIEM
23 December 2025
Securelist
Променяли читы на эксплойты: Webrat распространяется через GitHub
19 December 2025
Securelist
Активность Cloud Atlas в первой половине 2025 года: что изменилось
19 December 2025
Securelist
Очередной DCOM-объект для горизонтального перемещения
17 December 2025
Securelist
Продолжение операции «Форумный тролль»: российских политологов атакуют при помощи отчетов о плагиате
Нашли неточность в описании этой уязвимости?
Если вы нашли новую угрозу или уязвимость, пожалуйста дайте нам знать по электронной почте:
newvirus@kaspersky.com
Нашли новую угрозу или уязвимость?
Если вы нашли новую угрозу или уязвимость, пожалуйста дайте нам знать по электронной почте:
newvirus@kaspersky.com
Продукты
Для дома
Для малого бизнеса
Для среднего бизнеса
Для крупного бизнеса
Select language
Sorting
Kaspersky ID
Уязвимость
Detect date
Уровень угрозы
Confirm changes?
Your message has been sent successfully.